Embedded Video is a WordPress Plugin created by Jovel Stefan to easily embedded videos in blog posts. The videos can be uploaded to the web server
or come from external portals (like YouTube, Google Video and others). Links to the video on the video portal or for download of the video can be
automatically generated as well. The linktext is also configurable individually. Furthermore a fixed prefix for the linktext can be determined. The
videos can be integrated easily by using the built-in WYSIWYG editor. The plugin has a Cross Site Script (XSS) vulnerability.

This problem was confirmed in the latest version of the plugin, other versions maybe also affected.

The developer of the replied to the advisory in a very responsible and fast manner, but unfortunately, there will be no updates due to the fact that
this plugin is not maintained anymore.

This vulnerability has been brought to our attention by Wagner Elias from Conviso IT Security company (http://www.conviso.com.br) and researched
internally by Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team (VDT).